Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Cincinnati Crane survives, and now thrives, after cybersecurity attack

About

Cincinnati Crane & Hoist is a very small veteran-owned manufacturer of world-unique overhead crane system solutions for commercial, industrial, defense, and specialty applications.  Located in Harrison, Ohio, Cincinnati Crane's 17 employees support Founder, President, and CEO Tony Strobl in his daily pursuit of creating the highest quality equipment that meets the needs of their customers.

The Challenge

In 2017, Cincinnati Crane experienced a devastating cybersecurity attack. The attackers compromised the company’s email system and executed pay fraud attacks against Cincinnati Crane’s customers. The resulting loss of revenue (over $250,000) and reputational damage nearly put the company out of business. Cincinnati Crane spent the next 18 months recovering from the attack. In 2019, the president of Cincinnati Crane asked TechSolve, part of the Ohio MEP and the MEP National Network™, to help make his organization more secure.
It's still hard to believe that a company our size garnered that type of attention from hackers.  We are so glad that we already had a relationship with the Ohio MEP and TechSolve that had the cybsecurity expertise to help us. We've learned a lot from this experience and want others to know that it's no longer something you can opt to do - this is a part of doing business today.
— Tony Strobl, President/CEO

MEP's Role

TechSolve performed a detailed cybersecurity risk assessment based on the NIST 800-171R2 Security framework, helped the company select a Managed Service Provider partner to assist with IT management and perform major IT infrastructure work, and then helped Cincinnati Crane  implement new processes and installed equipment to improve cybersecurity.
After several months of cybersecurity process improvement work, Cincinnati Crane has demonstrable advanced capabilities to resist and recover from cybersecurity attacks. The company is also aligned to the NIST 800-171R2 security framework and is positioned to become CMMC compliant when C3PAO assessors are available. At the end of the project, the company is assessed to be compliant with more than 85% of the NIST 800-171 security controls. The open items are documented in a Plan Of Action & Milestones (POAM) with a detailed strategy for continuous cybersecurity process improvement. This regulatory compliance has allowed Cincinnati Crane to aggressively pursue and win additional DoD contracts.
Created August 1, 2020